URLhaus Database

You are currently viewing the URLhaus database entry for http://31.41.244.9/guba/rama.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3114090
URL:	http://31.41.244.9/guba/rama.exe
URL Status:	Offline
Host:	31.41.244.9
Date added:	2024-08-18 11:18:06 UTC
Last online:	2024-08-21 08:XX:XX UTC
Threat:	Malware download
Reporter:	Bitsight
Abuse complaint sent (?):	Yes (2024-08-18 11:19:07 UTC to dl{at}redbytes[dot]ru)
Takedown time:	2 days, 21 hours, 13 minutes (down since 2024-08-21 08:32:15 UTC)
Tags:	Amadey dropped-by-PrivateLoader exe MarsStealer Stealc

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-08-21	n/a	exe	12847c870546d30d8992c191775c0e2ce051c7536edb0c9aacc86eecef2e1179	38.67%	Stealc
2024-08-21	n/a	exe	57b97773593b3b07fc9607580db07bcc087b12859609cef3935cd7d933257ec2	36.00%	MarsStealer
2024-08-21	n/a	exe	a3a42db7a3e218aa6e20646efe0998a04da8580b448376c9f2d097479dded0e4	36.00%	MarsStealer
2024-08-20	n/a	exe	ead935f1295b51a63a66d2978ad3c185776e72ee57191694f4b6dcdba2db80e6	36.00%	MarsStealer
2024-08-20	n/a	exe	ff1820e68a7067ef6ad78ea9c19b929eb52729f85e349f75e226615ea72532f2	37.84%	MarsStealer
2024-08-20	n/a	exe	8477d03a892b439f9032134b8f218c985ce81547a7179b49fc773fa4555498e7	37.33%	MarsStealer
2024-08-20	n/a	exe	3f41bd4a137ade5d875f7a46fc2962511642cc4bffef7dfdb1646f30fa8bf229	53.33%	Amadey
2024-08-20	n/a	exe	4f0d4a6051b89dba2bb3402a50fef7f24ec81f50e9ff42539d9cf0d47155fe1b	52.70%	Amadey
2024-08-20	n/a	exe	77193fa24e31ebe1e65ee1fab3fa709b09fd3fca7264e5bd67416560c447a765	55.41%	Amadey
2024-08-20	n/a	exe	d80c8b4507d2bdb403387a86a6483f9c1a656ada581db1e5a00ac9a011840bed	55.41%	Amadey
2024-08-20	n/a	exe	3a504dc5d0fc927ffbf9509ff9e9eb8bd812aa6724630a88d47e57b1fe29aa73	53.33%	Amadey
2024-08-20	n/a	exe	29f70d7977e1f899dea294698fd8a5b4643fc59c33096b7ca4913cc8d243281f	57.33%	Amadey
2024-08-20	n/a	exe	eae0d84af32d23a0fb57fe9e0b3ab4dc6ca181d8da265dcc7bcd2baea45ee8b8	57.33%	Amadey
2024-08-20	n/a	exe	607ea83486ccf97cc49542c3a193f66bc6bbe32512f80ca109aed86960119f2d	54.67%	Amadey
2024-08-20	n/a	exe	e8f71cbcf6e0de49306f7abb28dd2d91546f4866fce7107f469e5a286f2e142a	56.00%	Amadey
2024-08-19	n/a	exe	7ca2db4d4b8e506350a4e6a4b5aad4d0f4916cc2899db1444631cbb9cecc8f75	53.33%	Amadey
2024-08-19	n/a	exe	aedb7fe96ea5451ba7dd11d3ec6d591261206da8cdd8ea4460fa130f75944edd	56.00%	Amadey
2024-08-19	n/a	exe	129366676ec84c8b80324b807e321508fdd4c1b049c7f1ecd7bcc286a59c7b2d	55.41%	Amadey
2024-08-19	n/a	exe	146ac6bf1bfde8e2da24dcdab4117824e3a773686f67cc88f3ac47090bf37b4e	56.00%	Amadey
2024-08-19	n/a	exe	b6fb18598d39f74b07a44ffb01d9456402ab8c074f00e01390760f66add2f725	56.76%	Amadey
2024-08-19	n/a	exe	dcea76f42107adaef2d8bbe2d32bfeae8ad6b1cb94e7d94029934f20f98ba090	56.00%	Amadey
2024-08-19	n/a	exe	d5ff1bf0b5737c4d67cf5b49c1f99def73fb469e7e67a1859746e346759b4b84	53.33%	Amadey
2024-08-19	n/a	exe	73181c643bff01c0a23ff7a31c2936defe659f74ec5c0a4c5b1535d826aa02f7	53.33%	Amadey
2024-08-19	n/a	exe	4465411f981d1c9161d3f5c9119ba27fa3d606188afafb67dc7561e423a14221	59.46%	Amadey
2024-08-19	n/a	exe	57eb081f441d1d4ff2c0cf98bc0be187fd4c16f8b106fc814585542121b6b6af	57.33%	Amadey
2024-08-19	n/a	exe	ea6bafdd17dfdb867c18e1375c2c7e9b1fa3b6edb5155b6e88758e94aaa367c5	58.11%	Amadey
2024-08-19	n/a	exe	270ead3dd3ce3e7e9f2d6882e81ac4e828d421f4c5824951a6756583ed185af2	56.00%	Amadey
2024-08-19	n/a	exe	b06858d69a4fee57203e65fb8426737f4d29bd42792c4653ec32c6b41840e0c7	53.33%	Amadey
2024-08-19	n/a	exe	15efcb38c675d5fdf7878c390544393f462b29d46e8c8483bb748ae6561d4e76	56.76%	Amadey
2024-08-19	n/a	exe	a840d5528122d46386909e7998b18d963b0d02a68a5de2ceb9cee1dc427ba50d	n/a	Amadey
2024-08-18	n/a	exe	5f28d9278ff003990202cef9ac9505c49e526a3208f6ad38ba59190a3b57d14b	54.67%	Amadey
2024-08-18	n/a	exe	7b53c4e72addc4ce463a871011c8603aa416152fe8ce40d74516130437830ea7	54.67%	Amadey
2024-08-18	n/a	exe	20f8a273a27325a7268632c1037d019b9d7a22a24526b30d50cb283b4014f480	n/a	Amadey
2024-08-18	n/a	exe	917f617aebc0d82d801c0ad0a0ba14e6d8a7c67b62db883a4c12bbe833a28561	56.00%	Amadey
2024-08-18	n/a	exe	40cd8d9b6df941a90d60c7e00b6f2dbb70588ea0a3684fb39a60c393f1314afb	52.00%	Amadey
2024-08-18	n/a	exe	ab784e890cd75d28bbafa92580d1bd78e425eae49a189e93fdeeb41103e28ad5	55.41%	Amadey
2024-08-18	n/a	exe	0580aef848b294e9276d99f5d8303770159034581f2fbf954eba4d16a573bdd4	55.41%	Amadey
2024-08-18	n/a	exe	703186ed6296e42bf237e33f412e08f321679b0784d1f39e25dce7f7c4ec2f77	54.05%	Amadey
2024-08-18	n/a	exe	88278eef44750ef0b8c59ba4d4e79e5dfb48c8a08df4035f61fa3f3b8274f094	49.28%	Amadey